In 2003, US air travellers were informed that they would have to use a ‘TSA approved’ luggage lock on their checked baggage. These locks could be opened using master keys held by the US’s Transportation Security Administration (TSA), thereby allowing them to inspect any checked item of luggage for explosives and then relock it. Non-approved locks would be broken off by inspectors, leaving the bags unsecured for the sake of national security and passenger safety. In 2015, plans were posted online allowing anybody with a 3D printer to produce their own master keys, giving anybody easy access to Americans’ locked luggage.

Today, the US and some EU governments are reported to want to apply a similar approach to our email and personal communications, calling for public authorities to have ‘back door access’ to encrypted devices and communications services in the name of national security. Unsurprisingly, civil liberties advocates have strongly resisted these calls, but so have technology experts. Pointing to the possibilities for exploits that such backdoor access would create, they have warned of the risk this would pose for cybersecurity in Europe and the companies, people and infrastructure that depend on it.

In this environment, it is understandable that governments, companies and individuals will want to have the most resilient and secure systems and devices. However, whereas the EU’s Commissioner for the Digital Single Market, VP Andrus Ansip, has repeatedly voiced his objection to back door access, the evolving debate in other EU member states could require the Commission to take a more nuanced approach. Measures such as the UK’s recent Investigatory Powers Bill, or the recent vote by French lawmakers to fine companies that do not decrypt data for investigating authorities, could limit the use of the most secure forms of encryption in these countries, such as end-to-end encryption. With other countries such as the Netherlands clearly rejecting limits on encryption, and Hungary reportedly considering a ban on encryption, it is very possible that differing national systems could place pressure on the internal market for digital goods and services, strengthening calls for an EU-wide approach.

Initial steps in this direction have, to some extent, already been taken; the Commission has launched the EU Internet Forum in the context of its work on the European Agenda on Security, bringing together Ministers and CEOs of major internet companies to, amongst other things, explore ‘the concerns of law enforcement on new encryption techniques’. Whilst this has been with the support of the European Parliament, whose MEPs, who last year raised their ‘serious concerns over the increasing use of encryption technologies by terrorist organisations’, its narrow scope and the closed discussion will leave many dissatisfied.

Yet, any decision in the US or another large economy to enable access to encrypted content and communications could make European preferences for stronger security irrelevant. Europe would do well to have an open discussion on what it should do about encryption before it finds itself trying to catch up with decisions made elsewhere.

This website uses cookies, some of which are necessary for the operation of the website and some of which are designed to improve your experience. You can review the cookies we use here. If you are happy with the use of these cookies please continue to browse our website. You may adjust your cookie settings via your chosen browser tools. Learn more

Privacy Policy

We have updated our Privacy Notice for this website. Please click below to review.